- CISSP in 21 Days Second Edition
- CISSP in 21 Days Second Edition
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Preface
- 1. Day 1 – Security and Risk Management - Security, Compliance, and Policies
- 2. Day 2 – Security and Risk Management - Risk Management, Business Continuity, and Security Education
- 3. Day 3 – Asset Security - Information and Asset Classification
- 4. Day 4 – Asset Security - Data Security Controls and Handling
- 5. Day 5 – Exam Cram and Practice Questions
- 6. Day 6 – Security Engineering - Security Design, Practices, Models, and Vulnerability Mitigation
- 7. Day 7 – Security Engineering - Cryptography
- 8. Day 8 – Communication and Network Security - Network Security
- An overview of communication and network security
- Network architecture, protocols, and technologies
- Open System Interconnect (OSI) model
- OSI layers and security
- Application layer protocols and security
- Presentation layer protocols and security
- Summary
- Sample questions
- 9. Day 9 – Communication and Network Security - Communication Security
- An overview of communication security
- Security in communication channels
- Attacks on communication networks
- Preventing or mitigating communication network attacks
- Summary
- Sample questions
- 10. Day 10 – Exam Cram and Practice Questions
- 11. Day 11 – Identity and Access Management - Identity Management
- 12. Day 12 – Identity and Access Management - Access Management, Provisioning, and Attacks
- 13. Day 13 – Security Assessment and Testing - Designing, Performing Security Assessment, and Tests
- An overview of security assessment and testing
- Security assessment and test strategies
- Security controls
- Summary
- Sample questions
- 14. Day 14 – Security Assessment and Testing - Controlling, Analyzing, Auditing, and Reporting
- 15. Day 15 – Exam Cram and Practice Questions
- 16. Day 16 – Security Operations - Foundational Concepts
- An overview of operations security
- The physical security design
- Physical and operations security controls
- Operations/facility security
- Protecting and securing equipment
- Computer investigations
- Summary
- Sample questions
- 17. Day 17 – Security Operations - Incident Management and Disaster Recovery
- 18. Day 18 – Software Development Security - Security in Software Development Life Cycle
- 19. Day 19 – Software Development Security - Assessing effectiveness of Software Security
- 20. Day 20 – Exam Cram and Practice Questions
- 21. Day 21 – Exam Cram and Mock Test
Q1. Which one of the following is not a security testing control?
- Vulnerability assessment
- Penetration testing
- Departmental tests
- Denial of Service Tests
Q2. Access is controlled through a retina scanner for the identification, authentication, and authorization of operators to a data center. A legitimate user was erroneously denied access during a scan. Such errors can be categorized under which one of the following?
- False negative
- False positive
- False rating
- True negative
Q3. The effectiveness of a security control is a measure for which one of the following?
- Expected outcome of a control action
- Efficient process
- Security policy
- Security procedure
Q4. The collection of security process, test data, and reporting is used to verify what?
- Security controls are documented
- Employee awareness about security controls
- Avoid social engineering attacks
- Security policies and procedures are continuously and uniformly applied
Q5. Third-party audits are conducted for what?
- Independent review of security
- Internal review of security
- Management review of security
- Administrative control validation
Q6. Audit logs may include all of these except:
- The terminal or location from which the user accessed the system
- Passwords provided by the users
- Any changes to system configuration
- Accessed information including files and the data
Q7. Identify some of the best practices in the information system audit control? (This is a drag-and-drop type of question. Here, and for similar drag-and-drop questions, you can draw a line from the list of answers from the left to the empty box on the right).
Q8. An organization engages an agency to conduct an independent audit on its systems. Such an audit is known as what?
- Internal audit
- Second party audit
- Third party audit
- Compliance review
-
No Comment